Moze to kogos zainteresuje.
Po tym jak dwa miesiace temu przeczytalem, ze mozna
bez ingerencji czlowieka z dokumentu HTML zmusic
drukarke do jego wydrukowania, to wiedzialem, ze
wkrotce beda wirusy w HTML.
Oczywiscie beda dzialaly "pod" wapanialym MSIE. :)
First HTML Virus Detected
CLEVELAND, OHIO, U.S.A., 1998 NOV 9 (Newsbytes)
-- By Craig Menefee, Newsbytes.
Central Command, the US and Canada Distributor of AntiViral Toolkit Pro
(AVP),
says its associated lab in Moscow has discovered the first HTML virus.
The bug works in Microsoft Corp.'s [NASDAQ:MSFT] Internet Explorer but
not in Netscape Navigator, Opera or other World Wide Web browsers.
Central Command has added detection and removal of the bug to AVP and
a fully functional, free 30-day demo version is available for download,
the firm says.
Keith Peer, president of Central Command, says the bug, named HTML.Internal,
is similar to the recently announced Windows scripting virus,
Winscript.Rabbit,
in that it uses scripts rather than binary coding to work its mischief. Also,
he told Newsbytes, like Rabbit the new bug does not do any damage.
But the bug easily could cause damage, he added, and eventually the new type
of virus will no doubt start coming out with harmful intent.
What the bug does is attach itself to any Hypertext Markup Language (HTML)
files it finds. These are the files read by browser programs. Then, in
classic virus fashion, it has the browser replicate it into other HTML files,
using Visual Basic to search the local system and modify the target files.
The next time the browser looks at an infected HTML file, the process
repeats.
As infected HTML files get posted to the Internet, the virus spreads further.
Newsbytes notes what distinguishes a computer virus is not that it does
anything harmful, but that it uses the resources of the infected files or
machines to reproduce it and spread it around. The current HTML virus is
probably a proof-of-concept bug, with no intent other than to prove it works,
Peer says.
The bug's dependence on Visual Basic accounts for its inability to work in
browsers other than Microsoft Internet Explorer (MSIE), Peer told Newsbytes.
Peer added, "It is the first form that actually can work and is designed to
replicate itself. There has been a lot of interest in this particular bug
and our server has really taken a hammering."
Technically, to replicate itself the virus uses inline script routines
written in Visual Basic. It can replicate only if MSIE security settings
allows script routines to access disk files, a situation that requires
changes to default security settings. Peer says some corporations probably
do change the setting in order to automate file operations without constant
interruptions to users.
The header of an infected HTML file contains the reference for a script
which is the virus' main routine, executed automatically when MSIE accesses
the infected file. The virus searches for all *.HTM and *.HTML files in the
current and all parent directories and infects them. While infecting, the
virus moves the body of file down and writes itself into the beginning of
the file without damaging the host file data.
The AVP program published on November 8 will detect and remove HTML.Internal.
The evaluation version is available for download at http://www.avp.com .
Reported by Newsbytes News Network, http://www.newsbytes.com . >
--
Romek
~~~~ PeCetologia to nauka doswiadczalna Š ~~~~
Received on Wed Nov 11 17:34:51 1998
To archiwum zostało wygenerowane przez hypermail 2.1.8 : Wed 26 May 2004 - 13:57:19 MET DST